Bug 1340495 - NetworkManager GUI for openconnect VPN does not provide option for "--juniper"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-openconnect
Version: 24
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-05-27 14:22 UTC by contact
Modified: 2016-12-09 22:25 UTC

Fixed In Version: NetworkManager-openconnect-1.2.4-1.fc25
Clone Of:
Environment:
Last Closed: 2016-12-09 22:25:52 UTC
Type: Bug
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
GNOME Bugzilla | 746664 | 0 | Normal | RESOLVED | Juniper SSLVPN support | 2020-07-20 08:01:09 UTC

Description contact 2016-05-27 14:22:53 UTC
Description of problem:

Using Command line openconnect I am able to connect to my work VPN as:
sudo openconnect --juniper vpn.xxxx.xxx

However the GUI does not seem to have a provision for passing the --juniper switch. Would it be possible to add this ability to the GUI so those of us needing the juniper switch do not need to keep a terminal going in the background for VPN?


Version-Release number of selected component (if applicable):
Fedora 23 & 24

$ openconnect --version
OpenConnect version v7.06-4.fc24
Using GnuTLS. Features present: TPM, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS

# dnf info NetworkManager  
Last metadata expiration check: 1:00:04 ago on Fri May 27 07:17:20 2016.
Installed Packages
Name        : NetworkManager
Arch        : x86_64
Epoch       : 1
Version     : 1.2.2
Release     : 1.fc24
Size        : 10 M
Repo        : @System
From repo   : updates-testing

Comment 1 Tadej Janež 2016-09-23 08:47:33 UTC
Would it be possible to push the changes to the f24 branch and make an update?

Comment 2 David Woodhouse 2016-09-23 09:43:55 UTC
Does this not already work? Create a NM VPN of type 'anyconnect' and then go into it and change the protocol. 

You don't get the nice pretty top-level choice of Juniper without some more intrusive changes to NM which aren't easy to backport. But you can do it this way, I think.

Comment 3 Tadej Janež 2016-09-23 10:06:08 UTC
No, it doesn't work that way.

And even manually adding it via:

nmcli con add type vpn con-name "Juniper" ifname "*" vpn-type openconnect -- vpn.data "gateway=<gateway-address>,protocol=nc"

doesn't work.

Here is an example log output for a failed connection:
POST https://vpn.sund.ku.dk/linux
Attempting to connect to server 192.38.117.10:443
Connected to 192.38.117.10:443
SSL negotiation with vpn.sund.ku.dk
Connected to HTTPS on vpn.sund.ku.dk
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.sund.ku.dk/dana-na/auth/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSLaunchURL=2F6C696E7578; path=/; Secure
Connection: close
Content-Length: 0
HTTP body length:  (0)
GET https://vpn.sund.ku.dk/linux
Attempting to connect to server 192.38.117.10:443
Connected to 192.38.117.10:443
SSL negotiation with vpn.sund.ku.dk
Connected to HTTPS on vpn.sund.ku.dk
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.sund.ku.dk/dana-na/auth/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSLaunchURL=2F6C696E7578; path=/; Secure
Connection: close
Content-Length: 0
HTTP body length:  (0)
GET https://vpn.sund.ku.dk/dana-na/auth/welcome.cgi
SSL negotiation with vpn.sund.ku.dk
Connected to HTTPS on vpn.sund.ku.dk
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.sund.ku.dk/
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 0
HTTP body length:  (0)
GET https://vpn.sund.ku.dk/
SSL negotiation with vpn.sund.ku.dk
Connected to HTTPS on vpn.sund.ku.dk
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.sund.ku.dk/dana-na/auth/url_0/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSSIGNIN=url_0; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSSignInURL=/; path=/; secure
Connection: close
Content-Length: 0
HTTP body length:  (0)

I've rebuilt NetworkManager-openconnect from f25/rawhide (https://pkgs.fedoraproject.org/cgit/rpms/NetworkManager-openconnect.git/commit/?id=452f8438f66b26e88c1eaaedf87f258ed237c225) locally and manually added the connection, i.e. there is no way to change the protocol to "nc" in the GUI.

Then things work and I get the "nice" realm, username, password GUI dialog.
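
Added example (not part of the original comments and not openconnect or NetworkManager code): a Python check over log output of the kind quoted in comment 3, flagging a session where a Juniper-style gateway only ever answers with redirects to a client that opened with a POST. The host `vpn.example.test`, the function name `analyse_log` and both heuristics are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of openconnect's log output (not taken from the bug).
SAMPLE_LOG = """\
POST https://vpn.example.test/linux
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.example.test/dana-na/auth/welcome.cgi
Set-Cookie: DSLaunchURL=2F6C696E7578; path=/; Secure
GET https://vpn.example.test/dana-na/auth/welcome.cgi
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.example.test/
GET https://vpn.example.test/
Got HTTP response: HTTP/1.1 302 Found
Location: https://vpn.example.test/dana-na/auth/url_0/welcome.cgi
Set-Cookie: DSSIGNIN=url_0; path=/dana-na/; secure
"""

PATTERNS = {
    "request": re.compile(r"^(GET|POST) (https?://\S+)$"),
    "status": re.compile(r"^Got HTTP response: HTTP/\d\.\d (\d{3})"),
    "location": re.compile(r"^Location: (\S+)$"),
    "cookie": re.compile(r"^Set-Cookie: ([^=;\s]+)="),
}

def analyse_log(text):
    """Summarise an openconnect log and flag a likely protocol mismatch."""
    seen = {name: [] for name in PATTERNS}
    for line in text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.match(line.strip())
            if match:
                seen[name].append(match.groups())
    # Heuristic (assumption): /dana-na/ paths and DS* cookies mark a Juniper gateway.
    juniper = (any("/dana-na/" in loc for (loc,) in seen["location"])
               or any(name.startswith("DS") for (name,) in seen["cookie"]))
    # The failed session never gets past redirects: every status is 3xx.
    statuses = [code for (code,) in seen["status"]]
    redirects_only = bool(statuses) and all(c.startswith("3") for c in statuses)
    # Assumption: an initial POST means the client was not in Juniper (nc) mode.
    first_post = bool(seen["request"]) and seen["request"][0][0] == "POST"
    return {
        "juniper_gateway": juniper,
        "redirects_only": redirects_only,
        "likely_protocol_mismatch": juniper and redirects_only and first_post,
        "cookies": sorted({name for (name,) in seen["cookie"]}),
    }

if __name__ == "__main__":
    print(analyse_log(SAMPLE_LOG))
```
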

Comment 4 David Woodhouse 2016-09-23 10:31:48 UTC
Hm yes, I added that later didn't I?

I've updated the package in rawhide, and it should allow you to select the protocol via the GUI. Please could you test that; if it's working nicely for you then I'll look at pushing it to F2[45].

Thanks.

Comment 5 Tadej Janež 2016-09-23 11:45:48 UTC
(In reply to David Woodhouse from comment #4)
> 
> I've updated the package in rawhide, and it should allow you to select the
> protocol via the GUI. Please could you test that; if it's working nicely for
> you then I'll look at pushing it to F2[45].

Great, thanks!

Will the protocol selection in GUI work with NetworkManager that's in Fedora 24 (NetworkManager-1.2.4-2.fc24.x86_64)?

I'll rebuild and test the package ASAP.

Comment 6 David Woodhouse 2016-09-23 11:57:16 UTC
Yes, the updated NM-openconnect package should work with the version of NetworkManager that's in F24.

Comment 7 Tadej Janež 2016-09-23 12:21:03 UTC
(In reply to David Woodhouse from comment #6)
> Yes, the updated NM-openconnect package should work with the version of
> NetworkManager that's in F24.

Great.

I've rebuilt and tested:
NetworkManager-openconnect-1.2.3-0.20160923gitac5cdf.fc24.x86_64
NetworkManager-openconnect-gnome-1.2.3-0.20160923gitac5cdf.fc24.x86_64

and it works (the GUI protocol chooser also works as advertised).

Comment 8 Fedora Update System 2016-12-05 12:02:26 UTC
NetworkManager-openconnect-1.2.4-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b0e78e336

Comment 9 Fedora Update System 2016-12-06 03:25:12 UTC
NetworkManager-openconnect-1.2.4-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b0e78e336

Comment 10 Fedora Update System 2016-12-09 22:25:52 UTC
NetworkManager-openconnect-1.2.4-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

